Security Extensions For HTML
Status of this Memo 


This memo defines an Experimental Protocol for the Internet 
community. It does not specify an Internet standard of any kind. 
Discussion and suggestions for improvement are requested. 
Distribution of this memo is unlimited. 


Copyright Notice 
Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract


This memo describes a syntax for embedding S-HTTP negotiation
parameters in HTML documents. S-HTTP, as described by RFC 2660,
contains the concept of negotiation headers which reflect the
potential receiver of a message's preferences as to which
cryptographic enhancements should be applied to the message. This
document describes a syntax for binding these negotiation parameters
to HTML anchors.


1. Introduction 

2. Anchor Attributes 

We define the following new anchor (and form submission) attributes:

DN -- The distinguished name of the principal for whom the
request should be encrypted when dereferencing the anchor's URL.
This need not be specified, but failure to do so runs the risk
that the client will be unable to determine the DN and therefore
will be unable to encrypt. This should be specified in the form
of RFC1485, using SGML quoting conventions as needed.

NONCE -- A free-format string (appropriately SGML quoted) which
is to be included in a SHTTP-Nonce: header (after SGML quoting
is removed) when the anchor is dereferenced.

CRYPTOPTS -- Cryptographic option information as described in
[SHTTP]. Specifically, the <cryptopt-list> production.

2.1. CERTS Element 


A new CERTS HTML element is defined, which carries a (not necessarily 
related) group of certificates provided as advisory data. The element 
contents are not intended to be displayed to the user. Certificate 
groups may be provided appropriate for either PEM or PKCS-7 
implementations. Such certificates are supplied in the HTML document 
for the convenience of the recipient, who might otherwise be unable 
to retrieve the certificate (chain) corresponding to a DN specified 
in an anchor. 


The format should be the same as that of the 'Certificate-Info'
header line of [SHTTP], except that the <Cert-Fmt> specifier should
be provided as the FMT attribute in the tag.


Multiple CERTS elements are permitted; it is suggested that CERTS
elements themselves be included in the HTML document's HEAD element
(in the hope that the data will not be displayed by S-HTTP-oblivious
but HTML-compliant browsers).


2.2. CRYPTOPTS Element 


Cryptopts may also be broken out into an element and referred to in 
anchors by name. The NAME attribute specifies the name by which this 
element may be referred to in a CRYPTOPTS attribute in an anchor. 
Names must have a # as the leading character. 


2.3. HTML Example 


An example of cryptographic data embedded in an anchor, preceded by
a certificate group, is provided below. Note the SGML quoting syntax
used to supply embedded quotation marks.


<CERTS FMT=PKCS-7> 

</CERTS> 

<A name=foobar
   DN="CN=Setec Astronomy, OU=Persona Certificate,
       O=&quot;RSA Data Security, Inc.&quot;, C=US"
   CRYPTOPTS="SHTTP-Privacy-Enhancements: recv-refused=encrypt;
              SHTTP-Signature-Algorithms: recv-required=NIST-DSS"
   HREF="shttp://research.nsa.gov/skipjack-holes.html">
Don't read this. </A>
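As an added illustration (not part of RFC 2659 or any S-HTTP implementation), the Python below shows how an S-HTTP-aware client might pull the section 2 attributes and the CERTS and CRYPTOPTS elements out of a document like the one above, resolve a '#name' CRYPTOPTS reference, and turn them into request header lines. The ';'-separated "Header: value" split of a cryptopt list, the placeholder certificate body and the sample document are assumptions.

```python
# Added example, not from RFC 2659: pull S-HTTP negotiation data out of HTML
# (anchor DN/NONCE/CRYPTOPTS, CERTS and CRYPTOPTS elements) and derive request
# headers. SAMPLE_HTML is constructed; its CERTS body is only a placeholder.
from html.parser import HTMLParser
class SHTTPParser(HTMLParser):
    """Anchors with negotiation attributes plus CERTS/CRYPTOPTS bodies;
    html.parser strips SGML quoting (&quot;) from attribute values."""
    def __init__(self):
        super().__init__()
        self.anchors, self.elements, self._open = [], [], None
    def handle_starttag(self, tag, attrs):
        a = {k.upper(): (v or "") for k, v in attrs}
        if tag == "a" and a.keys() & {"DN", "NONCE", "CRYPTOPTS"}:
            self.anchors.append(a)
        elif tag in ("certs", "cryptopts"):
            self._open = (tag, a, [])          # collect this element's text
    def handle_data(self, data):
        if self._open: self._open[2].append(data)
    def handle_endtag(self, tag):
        if self._open and self._open[0] == tag:
            _, a, parts = self._open
            if tag == "cryptopts" and not a.get("NAME", "").startswith("#"):
                raise ValueError("CRYPTOPTS NAME must begin with '#'")  # sec. 2.2
            self.elements.append((tag, a, "".join(parts).strip()))
            self._open = None

def negotiation_headers(anchor, parser):
    """(DN, header lines) for dereferencing `anchor`: DN selects the recipient
    certificate, NONCE becomes SHTTP-Nonce, CRYPTOPTS (inline or '#name')."""
    lines = ["SHTTP-Nonce: " + anchor["NONCE"]] if "NONCE" in anchor else []
    opts = anchor.get("CRYPTOPTS", "")
    if opts.startswith("#"):                   # resolve by NAME (StopIteration if absent)
        opts = next(b for t, a, b in parser.elements
                    if t == "cryptopts" and a.get("NAME") == opts)
    for item in opts.split(";"):               # assumption: ';'-separated "Header: value"
        if ":" in item:
            name, value = item.split(":", 1)
            lines.append(name.strip() + ": " + value.strip())
    return anchor.get("DN"), lines

SAMPLE_HTML = """<HTML><HEAD><CERTS FMT=PKCS-7>
MIAG...placeholder...AAAA==
</CERTS><CRYPTOPTS NAME=#strict>
SHTTP-Privacy-Enhancements: recv-required=encrypt; SHTTP-Signature-Algorithms: recv-required=NIST-DSS
</CRYPTOPTS></HEAD><BODY>
<A name=foobar DN="CN=Setec Astronomy, OU=Persona Certificate, O=&quot;RSA Data Security, Inc.&quot;, C=US"
   CRYPTOPTS="SHTTP-Privacy-Enhancements: recv-refused=encrypt; SHTTP-Signature-Algorithms: recv-required=NIST-DSS"
   HREF="shttp://research.nsa.gov/skipjack-holes.html">Don't read this.</A>
<A DN="CN=Other, O=Example, C=US" NONCE="n-42" CRYPTOPTS="#strict" HREF="shttp://example.com/x.html">by name</A></BODY></HTML>"""
```

Feeding SAMPLE_HTML to SHTTPParser and calling negotiation_headers on each anchor yields the unquoted DN with the embedded quotation marks restored, and the header lines the anchor (or the named CRYPTOPTS element it points at) asks for.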


3. Security Considerations

This entire document is about security.

6. Full Copyright Statement
Copyright (C) The Internet Society (1999). All Rights Reserved. 


This document and translations of it may be copied and furnished to 
others, and derivative works that comment on or otherwise explain it 
or assist in its implementation may be prepared, copied, published 
and distributed, in whole or in part, without restriction of any 
kind, provided that the above copyright notice and this paragraph are 
included on all such copies and derivative works. However, this 
document itself may not be modified in any way, such as by removing 
the copyright notice or references to the Internet Society or other 
Internet organizations, except as needed for the purpose of 
developing Internet standards in which case the procedures for 
copyrights defined in the Internet Standards process must be 
followed, or as required to translate it into languages other than 
English. 


The limited permissions granted above are perpetual and will not be 
revoked by the Internet Society or its successors or assigns. 


This document and the information contained herein is provided on an 
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 